SpamBlocker3 exim.conf file now ready for Beta testing

Status
Not open for further replies.
Hi Jeff,

Do I have to uncomment the following lines in exim.conf as instructed by DA guideline? Thanks.


# Spam Assassin
#spamcheck_director:
# driver = accept
# condition = "${if and { \
# {!def:h_X-Spam-Flag:} \
# {!eq {$received_protocol}{spam-scanned}} \
# {!eq {$received_protocol}{local}} \
# {exists{/home/${lookup{$domain}lsearch{/etc/virtual/domainowners}{$value}}/.spamassassin/user_prefs}} \
# } {1}{0}}"
# retry_use_local_part
# transport = spamcheck
# no_verify
 
Jeff, thanks for your coments. Please take a look at this thread for info about njabl.org. Also info on their own site:

* Though dnsbl.njabl.org still contains lots of dialup/dynamic listings, no more are being added. All dialup/dynamic additions are being put into the dynablock.njabl.org zone, also available as part of combined.njabl.org.

About your question if it's real spam or just perceived spam: I know we did some monitoring before we implemented the dnslist changes and we did lose some spam coming through with it. The exact numbers however are lost somewhere.
 
ak17_hk said:
Do I have to uncomment the following lines in exim.conf as instructed by DA guideline? Thanks.


# Spam Assassin
Click to expand...

Yes for all the lines except the one directly above, if and only if you have SpamAssassin installed on your server and want to use it.

skruf's response is good, but I wanted a specific answer in the thread for anyone searching through the archives.

Jeff
 
Remco00 said:
Jeff, thanks for your coments. Please take a look at this thread for info about njabl.org. Also info on their own site
Click to expand...
My gut feeling today is I'll use both the combined list and the old lists as well, in the final release.

Still testing.

Jeff
 
I found the following lines in the mail log.. not sure what went wrong... anyone got an idea for that? Thanks!


Jan 4 03:00:21 ns3 spamd[2220]: logger: removing stderr method
Jan 4 03:00:22 ns3 spamd[2222]: config: pyzor_path "/usr/bin/pyzor" isn't an executable
Jan 4 03:00:22 ns3 spamd[2222]: config: SpamAssassin failed to parse line, "/usr/bin/pyzor" is not valid for "pyzor_path", skipping: pyzor_path /usr/bin/pyzor
Jan 4 03:00:22 ns3 spamd[2222]: rules: meta test DIGEST_MULTIPLE has undefined dependency 'DCC_CHECK'
Jan 4 03:00:22 ns3 spamd[2222]: spamd: server started on port 783/tcp (running version 3.1.7)
Jan 4 03:00:22 ns3 spamd[2222]: spamd: server pid: 2222
Jan 4 03:00:22 ns3 spamd[2222]: spamd: server successfully spawned child process, pid 2223
Jan 4 03:00:22 ns3 spamd[2222]: spamd: server successfully spawned child process, pid 2224
Jan 4 03:00:22 ns3 spamd[2222]: prefork: child states: II
 
You'd be better off asking SpamAssassin questions in a SpamAssassin thread. I neither use nor believe in using SpamAssassin, so I don't keep track of how it does/doesn't work.

I used SpamAssassin for years, but found I had two issues with it:

1) SpamAssassin takes spam and puts it into another mailbox, where you have to read it anyway to see if it's really spam. It uses a lot of resources on my server, and doesn't do a thing to the spammer, who is able to tell his client the spam was delivered, and get paid for delivering it.

2) Serious spammers run everything through the latest SpamAssassin rules before they send it, and they don't send it until it passes. SpamAssassin is always playing a game of catchup.

My opinion, of course.

Jeff
 
How could we change the subject of the bounced message to the "spammer"? saying something like "** Message blocked by our junk mail filter**" or something along those lines
 
That page is how to completely change the default message and its format when your exim notifies a server after the fact that it couldn't deliver a message it had already accepted. Which is behavior we try to avoid by blocking in realtime. You don't have to do that for messages sent by SpamBlocker, the message is included in your exim.conf file right after deny message =.

For example, if the message is blocked because you've got the sending domain in a blocklist, the error message returned in the log, and to the sending server is:

Email blocked by LBL - to unblock see http://www.example.com

You can find that line in your exim.conf file.

You have changed all occurrences of www.example.com to a page of your own where people can get unblocked, haven't you :) ?

You can change any of the messages to say whatever you want. You can even create multi-line messages, although i don't use them because many mailservers don't handle multi-line error messages properly.

Jeff
 
OK sorry It does work. Here is a copy of what a bounceback looks like and to an average user it is pretty damn confusing, however this isn't the sorbs or other list blocking message, as this would be an on purpose ban but I remember the other messages were near as confusing as well.

Subject: Delivery Status Notification (Failure)

From: Mail Delivery Subsystem

Message:

his is an automatically generated Delivery Status Notification

Delivery to the following recipient failed permanently:

[email protected]

Technical details of permanent failure:
PERM_FAILURE: SMTP Error (state 9): 550 Administrative prohibition

----- Original message -----

Received: by 10.82.167.5 with SMTP id p5mr204690bue.1168475042128;
Wed, 10 Jan 2007 16:24:02 -0800 (PST)
Received: by 10.82.182.16 with HTTP; Wed, 10 Jan 2007 16:24:02 -0800 (PST)
Message-ID: <[email protected]>
Date: Wed, 10 Jan 2007 17:24:02 -0700
From: "Justin" <[email protected]>
To: [email protected]
Subject: testing spam
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_Part_22473_28118588.1168475042110"

------=_Part_22473_28118588.1168475042110
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

test

------=_Part_22473_28118588.1168475042110
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

----- Message truncated -----
 
Last edited:
My Entire point is the message to a false positive is not user friendly for the average email user. It includes a lot of extra cryptic information that will just confuse them.

A great example is the barracuda spam filter that responds with something like this which alters the subject and displays a clear message before introducing extra information. Just my 2 cents on improving Spamblocker!

Subject: **Message you sent blocked by our bulk email filter**

From: MAILER-DAEMON

Your message to: [email protected]
was blocked by our Spam Firewall. The email you sent with the following subject has NOT BEEN DELIVERED:

Subject: Hey bro, you really should check this out zagez

-------------- next part --------------
Skipped content of type message/delivery-status
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/rfc822-headers
Size: 755 bytes
Desc: Undelivered-message headers
Url : http://lists.osdl.org/pipermail/opendoc/attachments/20060411/00c23323/attachment.bin
 
I'm beginning to understand the problem.

Customizing Bounce Messages will only work for senders who send through your server. It won't affect senders who use (for example) hotmail or earthlink, and have their email refused by your server. That's up to the configuration of the bounce messages on their server.

However, there are NO changes you can make to this setting, anyway, which would resolve the problem.

The problem is that exim is NOT passing the error message it should, back to the sending server, or even to the logfile.

It does send it back properly for blocks based on blocklists, in those cases the error message defined in your exim.conf file should show up immediately following:
PERM_FAILURE: SMTP Error (state 9): 550 Administrative prohibition
Click to expand...
I don't know why the problem exists; I've posted it on the exim-users list and I'm awating a reply.

Jeff
 
All I know is spammers were using one of my email addresses and of course I would get the bounce back to my email account like:

Spammer forges my email to some other server. That server is running barracuda and sends the spam trap error back to me.

That's how I found out that they have much cleaner and nicer messages :) A lot easier for the average computer user to understand and really helps it adjusts the subject of the message.
 
Release Date

Just wondering how far off this is from moving from Beta to Production? I am considering testing it but I do have a large qty of users and only want to install once.

Thanks,

Mike
 
I've got a bunch of stuff ready to do but I'm going on vacation next week and the week after. I should be able to get it out in December.

Jeff
 
Status
Not open for further replies.
Back
Top